Solved

Exchange 2003 Server Queue Filling up!

Posted on 2012-12-27
6
302 Views
Last Modified: 2012-12-28
I've read every article and have done practically everything. I've made sure there isn't an open relay, I've applied Recipient Filtering ( Checked "Filter recipients who are not in the Directory" ), Sender Filtering, Connection Filtering, Sender ID Filtering, I've gone to Default SMTP Virtual Server - Access - Relay and ticked "Only the list below" and unchecked "Allow all computers which successfully authenticate to relay regardless of the list above" as well as left the "Computer list" blank under "Only the list below",  I've disabled port 25 on the firewall, changed the admin password, disabled accounts that weren't being used, enabled logging on NDRs and haven't seen the event id 1708 (to see if another account has been compromised), enabled Tar Pit, I've tested to make sure it isn't a DNS problem, and disabled NDR....

I'm still continuing to get hundreds of thousands of NDRs from unrecognized email accounts in the queue. I have no idea what to do to solve this problem :-( If someone could please point me in the right direction I'd appreciate it!
0
Comment
Question by:stevegarri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 20

Expert Comment

by:agonza07
ID: 38726157
Maybe they are not yours, maybe someone is just spoofing your email accounts and you're just getting the NDRs.

Check the headers on the NDR to see where they originated from. Might not be your IP.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38726234
Does your server receive emails directly or via a 3rd party filter service?

If direct, trial Vamsoft (www.vamsoft.com) and the pain will go away.

I'm assuming the sender of the messages is Postmaster@yourdomain.local?

Alan
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38726721
Even after closing the holes, you will still see messages pile up for some time afterwards. When a server has been abused, the spammer will send 1000s of messages as quickly as possible and it takes time for Exchange to process them. I have seen email contiue to pile up for six or seven hours after the server was disconnected from the internet. You will just have to wait it out unfortuantely.

Simon.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:stevegarri
ID: 38726832
The email has been piling up for over 24 hours. Message ID is adsfdjkafh234223@mail.mydomain.com

Sender is noreply@mail.yahoo-inc.com or tw-edm-auction@yahoo-inc.com

I've been constantly having to use the aqadmcli.exe tool to clear the queue :-( It's so wierd and I can't figure out where they are coming from. Anyone have any idea how I can stop this?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 38726859
That is what happens.
There will be 1000s of messages that Exchange is still processing. What you see in the queue is just the tip of what could be inside Exchange still waiting to be processed.

Simon.
0
 

Author Closing Comment

by:stevegarri
ID: 38728390
Yup you were right. A few hours later it ended up leveling off and zero-ing out :-) Exchange is all good! Thanks!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Mail Exchanger (MX) Record 5 41
How to run this powershell script in windows 12 server? 5 29
exchange, office 365 13 37
office 365 5 23
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question